Thirty-five million South Koreans could have had their personal data exposed by hackers targeting one of the country’s social networks.
The Korean Communications Commission claims to have traced the hack on the Cyworld social networking website and the Nate web portal to IP addresses in China. Both sites are run by SK Telecom.
Mobile phone numbers, email addresses, names and other encrypted information are believed to have been stolen in what could be the country’s biggest ever cyber attack. The population of South Korea is around 49 million.
It generates income by selling ‘acorns’ to be used in Cyworld to purchase things such as virtual furniture and wall paintings.
The Nate portal provides access to web services such email.
South Korean government ministries, banks and corporations have suffered a number of attacks in recent months. State-funded bank Nonghyup suffered a network failure in April blamed on North Korea and 1.8m customers of Hyundai Capital has their personal information compromised.
The South Korean government has drawn up a new cyber-security plan in response.
China has also recently been implicated over spear-phishing attacks on the Gmail accounts of US and South Korean officials and Chinese human rights activists.
Mark Darvill, a direcor at security firm AEP said: “By any standard this is a massive attack and one of many in recent months where the finger has been pointed at hackers based in China.
“It’s too early to say whether this attack is politically motivated or merely an attempt to steal personal information for financial gain.
“However it’s now becoming increasingly difficult to differentiate between attacks on military, communications, financial, civilian or critical infrastructure targets.”
All Cybertrucks manufactured between November 2023 and February 2025 recalled over trim that can fall…
As Musk guts US federal agencies, SEC issues summons over Elon's failure to disclose ownership…
Moonshot project Taara spun out of Google, uses lasers and not satellites to provide internet…
Pebble creator launches two new PebbleOS-based smartwatches with 30-day battery life, e-ink screens after OS…
Amazon loses appeal in Luxembourg's administrative court over 746m euro GDPR fine related to use…
Nvidia, xAI to participate in project backed by BlackRock, Microsoft to invest $100bn in AI…
View Comments
We recently blogged about Washington's new stance that a cyber attack from a nation state will be treated as an act of war:
"Is Washington actually taking the daily/hourly/pick-your-increment hack attack seriously? Meaning not as a political expedient, but creating an environment where cyber war/crime is treated with the magnitude it merits? We sincerely hope so.
That said, if it was determined that a given breach caused harm to American treasure, then the new initiative would consider that an act of war, and rightly so. But, the attacker would have to be identified and located before any retaliation could ensue. This would require pervasive security intelligence, as we term it, or a “brain layer” over the network/s involved in the attacks."
http://blog.q1labs.com/?p=1131
Any sovereign state that determines it has been breached by another sovereign state via a cyber attack should follow Washington’s lead and treat the offense with the magnitude it merits.
John Burnham - Q1 Labs